API Reference v2.0.0

Suggest edits

Packages

pgd.k8s.enterprisedb.io/v1beta1

Package v1beta1 contains API Schema definitions for the pgd v1beta1 API group

Resource Types

Backup

Backup configures the backup of cnp-pgd nodes

Appears in:

PGDGroupSpec

Field	Description	Required	Default	Validation
`configuration` BackupConfiguration	The CNP configuration to be used for backup. ServerName value is reserved by the operator.
`cron` ScheduledBackupSpec	The scheduled backup for the data. please use schedulers instead. Deprecated: This field is deprecated, will be removed in future versions.
`schedulers` ScheduledBackupSpec array	Define schedulers for the backup. Each scheduler has a different backup method. Only one of either `backup.cron` or `backup.schedulers` can be defined.

BackupStatus

BackupStatus contains the current status of the pgd backup

Appears in:

PGDGroupStatus

Field	Description	Required	Default	Validation
`clusterName` string	ClusterName the elected cluster to take the backup, the backup could be scheduled with different methods, but only one cluster will take the backup
`scheduledBackupName` string	ScheduledBackupName is the name of the scheduled backup. Deprecated: This field is deprecated, will be removed in future versions. Please use ScheduledBackupStatus instead.
`scheduledBackupHash` string	ScheduledBackupHash is the hash of the scheduled backup configuration. Deprecated: This field is deprecated, will be removed in future versions. Please use ScheduledBackupStatus instead.
`scheduledBackups` ScheduledBackupStatus array	ScheduledBackupStatus contains the status of all scheduled backups

BarmanCloudPluginStatus

BarmanCloudPluginStatus contains the status of the barman-cloud plugin

Appears in:

PluginStatus

Field	Description	Required	Default	Validation
`pluginEnabled` boolean	PluginEnabled is true when the barman cloud plugin is enabled
`objectStore` ObjectStoreStatus array	ObjectStore contains the name and hashcode of the managed objectStore

CNPStatus

CNPStatus contains any relevant status for the operator about CNP

Appears in:

PGDGroupStatus

Field	Description	Default
`dataInstances` integer		0
`witnessInstances` integer		0
`clusterStatus` ClusterStatus array	ClusterStatus contains the list of the status of the CNP clusters
`firstRecoverabilityPointsByMethod` object (keys:string, values:RecoverabilityPointsByMethod)	The recoverability points by method, keyed per CNP clusterName Deprecated: This field is deprecated, will be removed in future versions.
`firstRecoverabilityPoints` object (keys:string, values:string)	The recoverability points, keyed per CNP clusterName, as a date in RFC3339 format Deprecated: This field is deprecated, will be removed in future versions.
`superUserSecretIsPresent` boolean
`applicationUserSecretIsPresent` boolean
`podDisruptionBudgetIsPresent` boolean

CatalogImage

CatalogImage defines the image and major version

Appears in:

ImageCatalogSpec

Field	Description	Required	Default	Validation
`image` string	The image reference	True
`major` integer	The PostgreSQL major version of the image. Must be unique within the catalog.	True		Minimum: 10

CertManagerTemplate

CertManagerTemplate contains the data to generate a certificate request

Appears in:

Field	Description	Required	Default	Validation
`spec` CertificateSpec	The Certificate object specification
`metadata` Metadata	Refer to Kubernetes API documentation for fields of `metadata`.

ClientCertConfiguration

ClientCertConfiguration contains the information to generate the certificate for the streaming_replica user

Appears in:

TLSConfiguration

Field	Description	Required
`caCertSecret` string	CACertSecret is the secret of the CA to be injected into the CloudNativePG ClientCASecret configuration	True
`certManager` CertManagerTemplate	The cert-manager template used to generate the certificates
`preProvisioned` ClientPreProvisionedCertificates	PreProvisioned contains how to fetch the pre-generated client certificates

ClientPreProvisionedCertificates

ClientPreProvisionedCertificates instruct how to fetch the pre-generated client certificates

Appears in:

ClientCertConfiguration

Field	Description	Required	Default	Validation
`streamingReplica` PreProvisionedCertificate	StreamingReplica the pre-generated certificate for 'streaming_replica' user

ClusterImageCatalog

ClusterImageCatalog is the Schema for the clusterimagecatalogs API

Field	Description	Required
`apiVersion` string	`pgd.k8s.enterprisedb.io/v1beta1`	True
`kind` string	`ClusterImageCatalog`	True
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.	True
`spec` ImageCatalogSpec	Specification of the desired behavior of the ClusterImageCatalog. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status	True

ClusterStatus

ClusterStatus contains the current status of the CNP cluster

Appears in:

CNPStatus

Field	Description	Required	Default	Validation
`name` string	Name is the name of the CNP cluster
`phase` string	Phase is the current phase of the CNP cluster
`klioClientCertIsReady` boolean	KlioClientCertIsReady indicates if the Klio client certificate is ready when Kilo plugin is used

CnpBaseConfiguration

CnpBaseConfiguration contains the configuration parameters that can be applied to both CNP Witness and Data nodes

Appears in:

Field	Description	Required	Default	Validation
`startDelay` integer	The time in seconds that is allowed for a PostgreSQL instance to successfully start up (default 3600)		3600
`stopDelay` integer	The time in seconds that is allowed for a PostgreSQL instance node to gracefully shutdown (default 180)		180
`smartShutdownTimeout` integer	The time in seconds that controls the window of time reserved for the smart shutdown of Postgres to complete. Make sure you reserve enough time for the operator to request a fast shutdown of Postgres (that is: `stopDelay` - `smartShutdownTimeout`).		15
`storage` StorageConfiguration	Configuration of the storage of the instances	True
`walStorage` StorageConfiguration	Configuration of the WAL storage for the instances
`clusterMaxStartDelay` integer	The time in seconds that is allowed for a PostgreSQL instance to successfully start up (default 300)		300
`affinity` AffinityConfiguration	Affinity/Anti-affinity rules for Pods
`resources` ResourceRequirements	Resources requirements of every generated Pod. Please refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for more information.
`postgresql` PostgresConfiguration	Configuration of the PostgreSQL server
`monitoring` MonitoringConfiguration	The configuration of the monitoring infrastructure of this cluster
`logLevel` string	The instances' log level, one of the following values: error, warning, info (default), debug, trace		info	Enum: [error warning info debug trace]
`serviceAccountTemplate` ServiceAccountTemplate	The service account template to be passed to CNP
`postInitSQL` string array	List of SQL queries to be executed as a superuser immediately after a node has been created - to be used with extreme care (by default empty)
`postInitTemplateSQL` string array	List of SQL queries to be executed as a superuser in the `template1` after a node has been created - to be used with extreme care (by default empty)
`postInitApplicationSQL` string array	List of SQL queries to be executed as a superuser in the application database right after the cluster has been created - to be used with extreme care as any data created in application database before logical join will cause the join to fail (by default empty)
`postInitApplicationSQLRefs` SQLRefs	List of references to ConfigMaps or Secrets containing SQL files to be executed as a superuser in the application database right after the cluster has been created. The references are processed in a specific order: first, all Secrets are processed, followed by all ConfigMaps. Within each group, the processing order follows the sequence specified in their respective arrays. - to be used with extreme care (by default empty)
`postInitTemplateSQLRefs` SQLRefs	List of references to ConfigMaps or Secrets containing SQL files to be executed as a superuser in the `template1` database right after the cluster has been created. The references are processed in a specific order: first, all Secrets are processed, followed by all ConfigMaps. Within each group, the processing order follows the sequence specified in their respective arrays. - to be used with extreme care (by default empty)
`postInitSQLRefs` SQLRefs	List of references to ConfigMaps or Secrets containing SQL files to be executed as a superuser in the `postgres` database right after the cluster has been created. The references are processed in a specific order: first, all Secrets are processed, followed by all ConfigMaps. Within each group, the processing order follows the sequence specified in their respective arrays. - to be used with extreme care (by default empty)
`seccompProfile` SeccompProfile	The SeccompProfile applied to every Pod and Container. Defaults to: `RuntimeDefault`
`metadata` InheritedMetadata	Refer to Kubernetes API documentation for fields of `metadata`.
`managed` ManagedConfiguration	The configuration that is used by the portions of PostgreSQL that are managed by the CNP instance manager
`projectedVolumeTemplate` ProjectedVolumeSource	Template to be used to define projected volumes, projected volumes will be mounted under `/projected` base folder
`tablespaces` TablespaceConfiguration array	The tablespaces configuration
`topologySpreadConstraints` TopologySpreadConstraint array	TopologySpreadConstraints specifies how to spread matching pods among the given topology. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
`plugins` PluginConfiguration array	The plugins configuration, containing any plugin to be loaded with the corresponding configuration
`initDBOptions` InitDBOptions	InitDBOptions specifies the options to be passed to the `initdb` command when the node is created from scratch
`env` EnvVar array	Env follows the Env format to pass environment variables to the pods created in the PG4K cluster
`envFrom` EnvFromSource array	EnvFrom follows the EnvFrom format to pass environment variables sources to the pods to be used by Env

CnpConfiguration

CnpConfiguration contains the configurations of the data nodes that will be injected into the resulting clusters composing the PGD group

Appears in:

PGDGroupSpec

Field	Description	Required	Default	Validation
`startDelay` integer	The time in seconds that is allowed for a PostgreSQL instance to successfully start up (default 3600)		3600
`stopDelay` integer	The time in seconds that is allowed for a PostgreSQL instance node to gracefully shutdown (default 180)		180
`smartShutdownTimeout` integer	The time in seconds that controls the window of time reserved for the smart shutdown of Postgres to complete. Make sure you reserve enough time for the operator to request a fast shutdown of Postgres (that is: `stopDelay` - `smartShutdownTimeout`).		15
`storage` StorageConfiguration	Configuration of the storage of the instances	True
`walStorage` StorageConfiguration	Configuration of the WAL storage for the instances
`clusterMaxStartDelay` integer	The time in seconds that is allowed for a PostgreSQL instance to successfully start up (default 300)		300
`affinity` AffinityConfiguration	Affinity/Anti-affinity rules for Pods
`resources` ResourceRequirements	Resources requirements of every generated Pod. Please refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for more information.
`postgresql` PostgresConfiguration	Configuration of the PostgreSQL server
`monitoring` MonitoringConfiguration	The configuration of the monitoring infrastructure of this cluster
`logLevel` string	The instances' log level, one of the following values: error, warning, info (default), debug, trace		info	Enum: [error warning info debug trace]
`serviceAccountTemplate` ServiceAccountTemplate	The service account template to be passed to CNP
`postInitSQL` string array	List of SQL queries to be executed as a superuser immediately after a node has been created - to be used with extreme care (by default empty)
`postInitTemplateSQL` string array	List of SQL queries to be executed as a superuser in the `template1` after a node has been created - to be used with extreme care (by default empty)
`postInitApplicationSQL` string array	List of SQL queries to be executed as a superuser in the application database right after the cluster has been created - to be used with extreme care as any data created in application database before logical join will cause the join to fail (by default empty)
`postInitApplicationSQLRefs` SQLRefs	List of references to ConfigMaps or Secrets containing SQL files to be executed as a superuser in the application database right after the cluster has been created. The references are processed in a specific order: first, all Secrets are processed, followed by all ConfigMaps. Within each group, the processing order follows the sequence specified in their respective arrays. - to be used with extreme care (by default empty)
`postInitTemplateSQLRefs` SQLRefs	List of references to ConfigMaps or Secrets containing SQL files to be executed as a superuser in the `template1` database right after the cluster has been created. The references are processed in a specific order: first, all Secrets are processed, followed by all ConfigMaps. Within each group, the processing order follows the sequence specified in their respective arrays. - to be used with extreme care (by default empty)
`postInitSQLRefs` SQLRefs	List of references to ConfigMaps or Secrets containing SQL files to be executed as a superuser in the `postgres` database right after the cluster has been created. The references are processed in a specific order: first, all Secrets are processed, followed by all ConfigMaps. Within each group, the processing order follows the sequence specified in their respective arrays. - to be used with extreme care (by default empty)
`seccompProfile` SeccompProfile	The SeccompProfile applied to every Pod and Container. Defaults to: `RuntimeDefault`
`metadata` InheritedMetadata	Refer to Kubernetes API documentation for fields of `metadata`.
`managed` ManagedConfiguration	The configuration that is used by the portions of PostgreSQL that are managed by the CNP instance manager
`projectedVolumeTemplate` ProjectedVolumeSource	Template to be used to define projected volumes, projected volumes will be mounted under `/projected` base folder
`tablespaces` TablespaceConfiguration array	The tablespaces configuration
`topologySpreadConstraints` TopologySpreadConstraint array	TopologySpreadConstraints specifies how to spread matching pods among the given topology. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
`plugins` PluginConfiguration array	The plugins configuration, containing any plugin to be loaded with the corresponding configuration
`initDBOptions` InitDBOptions	InitDBOptions specifies the options to be passed to the `initdb` command when the node is created from scratch
`env` EnvVar array	Env follows the Env format to pass environment variables to the pods created in the PG4K cluster
`envFrom` EnvFromSource array	EnvFrom follows the EnvFrom format to pass environment variables sources to the pods to be used by Env
`postgresUID` integer	The UID of the `postgres` user inside the image, defaults to `26`. This value is used for the CNP clusters created by this PGDGroup. This field is immutable after PGDGroup creation.		26
`postgresGID` integer	The GID of the `postgres` user inside the image, defaults to `26`. This value is used for the CNP clusters created by this PGDGroup. This field is immutable after PGDGroup creation.		26
`joinMethod` JoinMethod	JoinMethod specifies the method data nodes will use to join the local group. This field applies only to data groups (groups with spec.instances > 0 ). For witness groups, this field is ignored. PGD supports two ways of joining a local group: logical and physical. In logical join, the node will join the group by using `bdr.join_node_group`, synchronizing data from scratch. In physical join the node will join the group by using `bdr_init_physical`, synchronizing data from a physical backup.		physical	Enum: [logical physical]
`enableSuperuserAccess` boolean	When this option is enabled, the CNP operator will create or use the secret defined in the SuperuserSecret to allow superuser (postgres) access to the database. When this option is disabled on a running Group, the operator will ignore the content of the secret and set the password of the `postgres` user to `NULL`. Enabled by default.		true
`superuserSecret` LocalObjectReference	The secret containing the superuser password. A new secret will be created with a randomly generated password if not defined. This field is only allowed in the CNP Instances configuration. A Witness Node will always use the same SuperuserSecret as the other instances.
`klio` KlioConfig	Klio is used to generate resources required by connecting to Klio

ConnMgrStatus

ConnMgrStatus contains any relevant status for connection manager

Appears in:

PGDGroupStatus

Field	Description	Required	Default	Validation
`nodeName` string	NodeName is the name of the node in the PGD group
`isLive` boolean	IsLive is the result of the `/connection/is-live` probe
`isReady` boolean	IsReady is the result of the `/connection/is-ready` probe
`useHTTPS` boolean	UseHTTPS indicates whether HTTPS is used during detecting

ConnectionString

Underlying type: object

ConnectionString represent the parameters to connect to a PostgreSQL cluster

Appears in:

PgdConfiguration

ConnectivityConfiguration

ConnectivityConfiguration describes how to generate the services and certificates for the PGDGroup

Appears in:

PGDGroupSpec

Field	Description	Required
`dns` RootDNSConfiguration	Describes how the FQDN for the resources should be generated
`tls` TLSConfiguration	The configuration of the TLS infrastructure	True
`nodeServiceTemplate` ServiceTemplate	Instructs how to generate the service for each node
`groupServiceTemplate` ServiceTemplate	Instructs how to generate the service for the PGDGroup
`proxyServiceTemplate` ServiceTemplate	Instructs how to generate the service pointing to the connection manager read-write port which routing to write leader
`proxyReadServiceTemplate` ServiceTemplate	Instructs how to generate the service pointing to the connection manager read-only port which routing to read-only nodes

ConnectivityStatus

ConnectivityStatus contains any relevant status for the operator about Connectivity

Appears in:

PGDGroupStatus

Field	Description	Required	Default	Validation
`replicationTLSCertificate` ReplicationCertificateStatus	ReplicationTLSCertificate is the name of the replication TLS certificate, if we have it
`nodeTLSCertificates` NodeCertificateStatus array	NodeTLSCertificates are the names of the certificates that have been created for the PGD nodes
`unusedCertificates` string array	UnusedCertificates are the names of the certificates that we don't use anymore for the PGD nodes
`nodesWithoutCertificates` string array	NodesWithoutCertificates are the names of the nodes which have not a server certificate
`nodesNeedingServiceReconciliation` string array	NodesNeedingServiceReconciliation are the names of the nodes which have not a server certificate
`configurationHash` string	ConfigurationHash is the hash code of the connectivity configuration, used to check if we had a change in the configuration or not

DNSConfiguration

DNSConfiguration describes how the FQDN for the resources should be generated

Appears in:

RootDNSConfiguration

Field	Description	Required	Default	Validation
`domain` string	Contains the domain name of by all services in the PGDGroup. It is responsibility of the user to ensure that the value specified here matches with the rendered nodeServiceTemplate and groupServiceTemplate
`hostSuffix` string	Contains an optional suffix to add to all the service names in the PGDGroup. The meaning of this setting it to allow the user to easily mark all the services created in a location for routing purpose (i.e., add a generic rule to CoreDNS to rewrite some service suffixes as local)

DiscoveryJobConfig

DiscoveryJobConfig contains a series of fields that configure the discovery job

Appears in:

PgdConfiguration

Field	Description	Default
`delay` integer	Delay amount of time to sleep between retries, measured in seconds	10
`retries` integer	Retries how many times the operation should be retried	30
`timeout` integer	Timeout amount of time given to the operation to succeed, measured in seconds	300

ImageCatalog

ImageCatalog is the Schema for the imagecatalogs API

Field	Description	Required
`apiVersion` string	`pgd.k8s.enterprisedb.io/v1beta1`	True
`kind` string	`ImageCatalog`	True
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.	True
`spec` ImageCatalogSpec	Specification of the desired behavior of the ImageCatalog. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status	True

ImageCatalogRef

ImageCatalogRef defines the referenced ImageCatalog and the referenced major Postgres version

Appears in:

PGDGroupSpec

Field	Description	Required
`apiGroup` string	APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
`kind` string	Kind is the type of resource being referenced	True
`name` string	Name is the name of resource being referenced	True
`major` integer	The major version of PostgreSQL we want to use from the ImageCatalog	True

ImageCatalogSpec

ImageCatalogSpec defines the desired ImageCatalog

Appears in:

Field	Description	Required	Default	Validation
`pgdImages` CatalogImage array	List of CatalogImages available in the catalog	True		MaxItems: 8 MinItems: 1
`proxyImage` string	ProxyImage The proxy image available in the catalog Starting from PGD 6, the embedded connection manager replaces the external proxy. Deprecated: This field is deprecated, will be removed in future versions.

ImageStatus

ImageStatus defines the current used images

Appears in:

PGDGroupStatus

Field	Description	Required	Default	Validation
`pgd` string	PGD is the current used pgd image

InheritedMetadata

InheritedMetadata contains metadata to be inherited by all resources related to a Cluster

Appears in:

Field	Description	Required	Default	Validation
`labels` object (keys:string, values:string)
`annotations` object (keys:string, values:string)

InitDBOptions

InitDBOptions contain options for nodes start with initDB

Appears in:

Field	Description	Validation
`dataChecksums` boolean	Whether the `-k` option should be passed to initdb, enabling checksums on data pages (default: `false`)
`encoding` string	The value to be passed as option `--encoding` for initdb (default:`UTF8`)
`localeCollate` string	The value to be passed as option `--lc-collate` for initdb (default:`C`)
`localeCType` string	The value to be passed as option `--lc-ctype` for initdb (default:`C`)
`locale` string	Sets the default collation order and character classification in the new database.
`localeProvider` string	This option sets the locale provider for databases created in the new cluster. Available from PostgreSQL 16.
`icuLocale` string	Specifies the ICU locale when the ICU provider is used. This option requires `localeProvider` to be set to `icu`. Available from PostgreSQL 15.
`icuRules` string	Specifies additional collation rules to customize the behavior of the default collation. This option requires `localeProvider` to be set to `icu`. Available from PostgreSQL 16.
`builtinLocale` string	Specifies the locale name when the builtin provider is used. This option requires `localeProvider` to be set to `builtin`. Available from PostgreSQL 17.
`walSegmentSize` integer	The value in megabytes (1 to 1024) to be passed to the `--wal-segsize` option for initdb (default: empty, resulting in PostgreSQL default: 16MB)	Maximum: 1024 Minimum: 1

JoinMethod

Underlying type: string

JoinMethod represents one of the supported methods of joining a node

Appears in:

Field	Description
`physical`	JoinMethodPhysical represents the use of physical join
`logical`	JoinMethodLogical represents the use of logical join

KlioCertStatus

KlioCertStatus contains the status of a Certificate used by klio Plugin

Appears in:

KlioPluginStatus

Field	Description	Required	Default	Validation
`name` string
`cluster` string
`isReady` boolean

KlioConfig

KlioConfig defines the Klio related objects templates

Appears in:

CnpConfiguration

Field	Description	Required	Default	Validation
`pluginConfigTemplate` KlioPluginConfigTemplate	PluginConfigTemplate defines the Klio plugin configuration template	True
`clientCertTemplate` CertManagerTemplate	ClientCertTemplate defines the Klio client certificate template	True

KlioConfigurationStatus

KlioConfigurationStatus contains the status of a klio PluginConfiguration

Appears in:

KlioPluginStatus

Field	Description	Required	Default	Validation
`name` string
`cluster` string

KlioPluginConfigTemplate

KlioPluginConfigTemplate contains the data to generate a certificate request

Appears in:

KlioConfig

Field	Description	Required	Default	Validation
`spec` PluginConfigurationSpec	PluginConfigurationSpec defines the plugin configuration spec	True
`metadata` Metadata	Refer to Kubernetes API documentation for fields of `metadata`.

KlioPluginStatus

KlioPluginStatus contains the status of the klio plugin

Appears in:

PluginStatus

Field	Description	Required	Default	Validation
`serverTLSSecretIsPresent` boolean	ServerTLSSecretIsPresent indicates if the server TLS secret is present
`certificates` KlioCertStatus array	ClientCertificates contains the status of the klio client certificates
`certificateHash` string	ClientCertificateHash contains the hash of the client certificates
`pluginConfigurations` KlioConfigurationStatus array	PluginConfigurations contains the status of the klio PluginConfigurations
`pluginConfigurationHash` string	PluginConfigurationHash contains the hash of the plugin configurations

Metadata

Metadata is a structure similar to the metav1.ObjectMeta, but still parseable by controller-gen to create a suitable CRD for the user.

Appears in:

Field	Description	Required	Default	Validation
`labels` object (keys:string, values:string)	Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
`annotations` object (keys:string, values:string)	Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

NodeCertificateStatus

NodeCertificateStatus encapsulate the status of the server certificate of a CNP node

Appears in:

ConnectivityStatus

Field	Description	Required
`name` string	Name is the name of the certificate
`hash` string	Hash is the hash of the configuration for which it has been generated
`isReady` boolean	Ready is true when the certificate is ready
`preProvisioned` boolean	PreProvisioned is true if the certificate is preProvisioned
`nodeName` string	NodeName is the name of the CNP cluster using this certificate	True

NodeExtensionStatus

NodeExtensionStatus show the status of the node

Appears in:

NodesExtensionsStatus

Field	Description	Required
`Name` string	Name of the node	True
`NeedBdrInstallation` boolean	NeedBdrInstallation true if the node does not have the BDR extension installed	True
`NeedJoin` boolean	NeedJoin true if the node need join the group	True
`Parted` boolean	Parted true if the node is already parted	True
`Error` string	Error is populated if any error is encountered during the PGD discovery execution	True
`BdrExtensionVersion` string	BdrExtensionVersion Version	True

NodeKindName

Underlying type: string

NodeKindName is a type containing the potential values of node_kind_name from bdr.node_summary

Appears in:

NodeSummary

Field	Description
`witness`
`data`

NodeSummary

NodeSummary shows relevant info from bdr.node_summary

Appears in:

NodeSummaryInternal
PGDGroupStatus

Field	Description	Required	Default	Validation
`node_name` string	Name of the node
`node_group_name` string	NodeGroupName is the name of the joined group
`peer_state_name` string	Consistent state of the node in human-readable form
`peer_target_state_name` string	State which the node is trying to reach (during join or promotion)
`node_kind_name` NodeKindName	The kind of node: witness or data

ObjectStoreStatus

ObjectStoreStatus contains the name and hash of the objectStore

Appears in:

BarmanCloudPluginStatus

Field	Description	Required	Default	Validation
`name` string	Name is the name of the objectStore
`hash` string	Hash stored the objectStore hashcode

OperatorPhase

Underlying type: string

OperatorPhase it represents a phase of the PGDGroup controller

Appears in:

PGDGroupStatus

Field	Description
`PGDGroup - Healthy`	PhaseHealthy triggers when no other phase condition is met
`PGDGroup - Paused`	PhasePaused triggers when the PGDGroup is paused and all instances and proxies pod are deleted
`PGDGroup - Parted`	PhaseParted triggers when the all nodes of the pgdgroup are parted
`PGDGroup - Waiting for nodes to be ready`	PhaseWaitingForNodesToBeReady triggers when a PGDGroup node is not in status ready
`PGDGroup - Waiting for nodes major version in-place upgrade`	PhaseWaitingForNodesInPlaceUpgrade is the phase where a in-place major version upgrade (postgres, bdr, etc) is happening
`PGDGroup - All nodes have been dropped`	PhaseAllNodesDropped is the phase that all nodes in the group has been dropped, group can not be recovered anymore
`PGDGroup - Unable to detect a phase for the PGD group`	PhaseUnableToDetectPhase triggers when a PGDGroup phase cannot be calculated. This is a programmatic error
`PGDGroup - Image Catalog Not Found`	PhaseCatalogNotFound triggers when the ImageCatalog is used but not found
`PGDGroup - Major Version Not Found in Image Catalog`	PhaseMajorVersionNotFound triggers when major version can not be found in the referenced ImageCatalog
`PGDGroup - Application user secret not found`	PhaseErrorFindingApplicationSecret application secrets is defined by external but can not find
`Finalizers - Adding Finalizers`	PhaseAddingFinalizers add the missing finalizer to group
`Finalizers - Removing Finalizers`	PhaseRemovingFinalizers remove finalizer if not needed
`Pause - pause nodes`	PhasePauseNode operator is pausing the nodes
`Pause - waiting for nodes`	PhasePauseWaitingNode operator is waiting for node pause or resume
`Pause - resume nodes`	PhaseResumeNode operator is resume nodes
`Connectivity - Certificates - Create replication certificate`	PhaseCreateReplicationCertificate triggers when replication certificate secret (per group) is not created
`Connectivity - Certificates - Reconcile replication certificate`	PhaseReconcileReplicationCertificate triggers when hash changed and replication certificate secret need reconcile
`Connectivity - Certificates - Create server certificates`	PhaseCreateServerCertificates triggers when server certificate secret (per node) is not created
`Connectivity - Certificates - Delete server certificates`	PhaseDeleteServerCertificates triggers to delete orphan server certificates
`Connectivity - Certificates - Reconcile server certificates`	PhaseReconcileServerCertificates triggers to reconciles server certificates
`Connectivity - Certificates - Waiting for the certificates to be ready`	PhaseWaitCertificateToBeReady waiting for certificates to be ready nolint lll
`Connectivity - Service - Reconciling connection manager service`	PhaseReconcileConnMgrService triggers when the application read-write service (`<group name>-proxy`) is not ready or need patch
`Connectivity - Service - Reconciling connection manager read service`	PhaseReconcileConnMgrReadService triggers when the application read-only service (`<group name>-proxy-r`) is not ready or need patch
`Connectivity - Service - Reconciling node services`	PhaseReconcileNodeServices triggers when the node service (`<group name>-<sequence>-node`) is not ready or need patch
`Connectivity - Service - Reconciling group service`	PhaseReconcileGroupService triggers when the group service (`<group name>-group`) is not ready or need patch
`Secrets - reconciling pull secrets`	PhaseReconcilePullSecrets is the phase that generates the secrets that are made available by the various PGDGroup resources
`ObjectStore - Reconciling objectStore`	PhaseReconcileObjectStore is phase where we reconcile the managed objectstore cr
`ObjectStore - Deleting unused objectstore`	PhaseDeleteObjectStore is phase where we delete the managed objectstore cr
`BOOTSTRAP - Selecting a target node for remote join`	PhaseCreatingRemoteJoinJob creating bootstrap job to find proper nodes to remote join
`BOOTSTRAP - Selecting server to be restored`	PhaseCreatingRestoreJob creating bootstrap job to find proper server to restore
`BOOTSTRAP - Selecting volume snapshots to be restored`	PhaseCreatingSnapshotRestoreJob creating bootstrap job to find volume snapshot to restore
`BOOTSTRAP - Waiting for target node selection`	PhaseWaitingForTargetNodeSelection triggers when remote job bootstrap job is running, waiting for it to select the proper node for the remote join
`BOOTSTRAP - Waiting for volume snapshots selection`	PhaseWaitingForSnapshotsSelection triggers when restore from volumesnapshot bootstrap job is running
`BOOTSTRAP - Waiting for server selection`	PhaseWaitingForRestoreServerSelection triggers when restore from barman backup bootstrap job is running waiting for the job selecting the server to restore from
`BOOTSTRAP - Failed to run the bootstrap job`	PhaseFailedBootstrapJob is an error phase, when bootstrap job running failed
`Nodes - Bootstrapping requirements`	PhaseBootstrapNodeRequirements is the preliminary phase that precedes the creation of PGD node
`Nodes - Reconciling First Recoverability Points`	PhaseFirstRecoverabilityReconcile is the phase to update the first recoverability points of the node
`Nodes - Reconciling Nodes`	PhaseReconcile triggers when the changes in pgdgroup need to be propagated to nodes
`Nodes - Scaling up the group size`	PhaseScaleUpGroupSize triggers when there the number of existing clusters is different from the requested instances.
`Nodes - Scaling down parted nodes`	PhaseScaleDownPartedNodes removes the parted CNP clusters
`Nodes - Error finding node to physical join in current group`	PhaseErrorFindingTargetNode is an error phase, where we failed to find the target node to do the physical join for the non-first node in a group
`BACKUP - Assign node`	PhaseAssignBackupNode triggers when PGDGroup is healthy and there is no backup node elected and assigned
`BACKUP - Switch node`	PhaseAssignBackupNode triggers when the previous backup node is not existed
`BACKUP - Reconciling Scheduled backup`	PhaseReconcileScheduledBackup triggers when scheduled backup changed
`BACKUP - Deleting Scheduled backup`	PhaseDeleteScheduledBackup triggers when orphan scheduled backup found, usually happened when backup method changed.
`Klio - Reconciling klio resources`	PhaseCreateKlioResources creates the klio resources
`Klio - Deleting resources`	PhaseDeleteKlioResources deletes the klio resources
`Klio - Certificates - Missing klio serverTLSSecret`	PhaseMissingKlioServerTLSSecret missing the klio serverTLSSecret in klio configuration
`Klio - Certificates - Waiting for the certificates to be ready`	PhaseWaitingKlioResourceToBeReady waits for klio resources to be ready
`PGD - Delete node discovery`	PhaseDeleteNodeDiscovery delete the node discovery job which is not needed
`PGD - Start node discovery`	PhaseStartNodeDiscovery start the node discovery, this is running
`PGD - Waiting for node discovery`	PhaseWaitingForNodeDiscovery waiting for the node defined in discovery ready
`PGD - Node discovery failed`	PhaseFailedNodeDiscovery is an error phase, when the discovery job is failed, delete the job to restart the discovery
`PGD - Invalid discovery configuration`	PhaseInvalidDiscoveryConfiguration is an error phase, when there is invalid configuration in discovery section
`PGD - Bootstrapping and joining group`	PhaseBootstrappingAndJoiningPGD is creating the first node of the pgdgroup with pgdGroup.Spec.Pgd.ParentGroup.Create set to true
`PGD - Cleaning metadata leftovers from restore`	PhaseCleanDirtyNodes triggers is creating the first node of the pgdgroup which is restored from backup
`PGD - Install PGD extensions`	PhaseInstallExtensions to create PGD extension in the pgd node
`PGD - Node is syncing with PGDGroup`	PhaseSync triggers if a PGD node is trying to reach a different target state
`PGD - Waiting to discover an active PGD node to logical join`	PhaseWaitActiveDataNode triggers when there is no active node in the pgdgroup for logical join
`PGD - Joining node into group`	PhaseJoinPGDGroup node is logical join the target node
`PGD - Parting node from group`	PhaseNodesPartingPGDGroup operator is parting nodes from the pgdgroup, usually happened after scale down or user request to part the group using annotations
`PGD - Parting missing nodes`	PhasePartMissingNodes triggers when node is available but cluster is removed from kuberneters
`PGD - Global raft consensus critical`	PhaseGlobalRaftConsensusCritical triggers when the global raft of the pgdgroup is not consensus
`PGD - Transfer Write Lead`	PhaseTransferWriteLead triggers when operator reconcile the writelead node and need a restart
`PGD - All nodes have been parted`	PhaseAllNodeParted all nodes in the group has been parted, this maybe triggered by manually parting from pgdgroup
`PGD - Error while discovering nodes status`	PhaseErrorDiscoveringNodeStatus is an error phase, when there is error occurred when detecting the pgd node status
`PGD - Prepare physical join`	PhasePrePhysicalJoin triggers when creating a new node in pgdgroup, evaluate if the node is ready to use physical join to join the group. Once the node is ready, will annotate the node with physicalJoinState=started
`PGD - Waiting for pre-physical join work`	PhaseWaitingPrePhysicalJoin wating for the node ready for physical join
`PGD - Performing the physical join`	PhasePhysicalJoin the node is performing the physical join
`PGD - Waiting for physical join`	PhaseWaitingPhysicalJoin waiting for the physical join to complete
`PGD - Post physical join`	PhasePostPhysicalJoin promote the node to primary cluster after physical join
`PGD - Waiting for post-physical join work`	PhaseWaitingPostPhysicalJoin waiting for post physical join work to complete
`PGD - Waiting for global raft consensus`	PhaseWaitForGlobalRaftConsensus triggers when the global raft is not consensus
`PGD - Failed in physical join job`	PhaseFailedPhysicalJoin is an error phase, triggers when the physical join job failed to run, delete the job to restart the physical join
`PGD - Reconciling node group configuration`	PhaseReconcileNodeGroupConfig reconcile the node group settings
`PGD - Waiting for write lead election`	PhaseWaitingForWriteLeadElection waiting for the writelead election
`PGD - Applying SQL mutations of type Always`	PhaseApplyAlwaysMutations triggers when applying the always mutations
`PGD - Applying SQL mutations of type Bootstrap`	PhaseApplyBootstrapMutations triggers when applying the bootstrap mutations
`PGD - Applying SQL mutations of type WriteLeader`	PhaseApplyWriteLeaderMutations triggers when applying the writeLead mutations
`PGD - Reconcile application user`	PhaseReconcileApplicationUser reconcile the user password defined in owner secrets
`PGD - Reconcile Managed Role`	PhaseReconcileManagedRole is the phase that indicates that the reconciler is reconciling the roles
`PGD - Waiting for Connection Manager to be ready`	PhaseWaitingForConnMgrToBeReady waits for the connection manager to be ready by checking its liveness and readiness probes
`Migration - Waiting for operand image upgrade to PGD-6`	PhaseWaitingForUpgradeToPGD6 triggers when waiting for the upgrade to PGD 6
`Migration - Cleanup of legacy resources`	PhaseCleanupLegacy triggers when cleaning up legacy resources
`Default Metrics - Reconcile Resources`	PhaseDefaultMetricsReconcileResources triggers when resources need to be created or updated

OperatorPhaseCleanup

Underlying type: string

OperatorPhaseCleanup it represents a phase of the PGDGroupCleanup controller

Appears in:

PGDGroupCleanupStatus

Field	Description
`PGDGroupCleanup - No reliable node found in the executor PGDGroup`
`PGDGroupCleanup - Completed`
`PGDGroupCleanup - Parting the nodes`
`PGDGroupCleanup - Removing the PGDGroup`
`PGDGroupCleanup - Waiting for nodes in target PGDGroup to be parted`

PGDGroup

PGDGroup is the Schema for the pgdgroups API

Field	Description	Required
`apiVersion` string	`pgd.k8s.enterprisedb.io/v1beta1`	True
`kind` string	`PGDGroup`	True
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` PGDGroupSpec		True
`status` PGDGroupStatus

PGDGroupCleanup

PGDGroupCleanup is the Schema for the pgdgroupcleanups API

Field	Description	Required
`apiVersion` string	`pgd.k8s.enterprisedb.io/v1beta1`	True
`kind` string	`PGDGroupCleanup`	True
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.	True
`spec` PGDGroupCleanupSpec		True
`status` PGDGroupCleanupStatus		True

PGDGroupCleanupSpec

PGDGroupCleanupSpec defines the desired state of PGDGroupCleanup

Appears in:

PGDGroupCleanup

Field	Description	Required	Default
`executor` string		True
`target` string		True
`force` boolean	Force will force the removal of the PGDGroup even if the target PGDGroup nodes are not parted		false

PGDGroupCleanupStatus

PGDGroupCleanupStatus defines the observed state of PGDGroupCleanup

Appears in:

PGDGroupCleanup

Field	Description	Required	Default	Validation
`phase` OperatorPhaseCleanup	Phase the phase of current cleanup cr
`nodesToPart` string array	NodesToPart shows nodes that are not parted in the target group
`isNodeGroupExists` boolean	IsNodeGroupExists indicates if the target group is still not dropped yet

PGDGroupSpec

PGDGroupSpec defines the desired state of PGDGroup

Appears in:

PGDGroup

Field	Description	Required	Default	Validation
`imageName` string	Name of the container image, supporting both tags (`<image>:<tag>`) and digests for deterministic and repeatable deployments (`<image>:<tag>@sha256:<digestValue>`)
`imageCatalogRef` ImageCatalogRef	Defines the referenced ImageCatalog and the referenced major Postgres version
`imagePullPolicy` PullPolicy	Image pull policy. One of `Always`, `Never` or `IfNotPresent`. If not defined, it defaults to `IfNotPresent`. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images		IfNotPresent
`imagePullSecrets` LocalObjectReference array	The list of pull secrets to be used to pull operator and or the operand images
`inheritedMetadata` InheritedMetadata	Metadata that will be inherited by all objects related to the pgdGroup
`instances` integer	Number of instances required in the cluster	True	0	Minimum: 0
`proxyInstances` integer	Deprecated: This field is deprecated, will be removed in future versions.		0
`witnessInstances` integer	Number of witness instances required in the cluster		0	Minimum: 0
`backup` Backup	The configuration to be used for backups in the CNP instances.
`restore` Restore	The configuration to restore this PGD group from an Object Store service
`cnp` CnpConfiguration	DataInstances configuration that will be injected into the CNP clusters that compose the PGD Group	True
`witness` CnpBaseConfiguration	WitnessInstances configuration that will be injected into the WitnessInstances CNP clusters If not defined, it will default to the DataInstances configuration
`pgd` PgdConfiguration	Pgd contains instructions to bootstrap this cluster	True
`pgdProxy` PGDProxyConfiguration	Deprecated: This field is deprecated, will be removed in future versions.
`connectivity` ConnectivityConfiguration	Configures the connectivity of the PGDGroup, like services and certificates that will be used.	True
`failingFinalizerTimeLimitSeconds` integer	The amount of seconds that the operator will wait in case of a failing finalizer. A finalizer is considered failing when the operator cannot reach any nodes of the PGDGroup		300

PGDGroupStatus

PGDGroupStatus defines the observed state of PGDGroup

Appears in:

PGDGroup

Field	Description	Validation
`latestGeneratedNode` integer	ID of the latest generated node (used to avoid node name clashing)
`phase` OperatorPhase	The initialization phase of this cluster
`phaseDetails` string	The details of the current phase
`phaseTroubleshootHints` string	PhaseTroubleshootHints general troubleshooting indications for the given phase
`phaseType` PhaseType	PhaseType describes the phase category.	Enum: [action wait fail]
`conditions` Condition array	Conditions for PGDGroup object
`nodes` NodeSummary array	The list of summaries for the nodes in the group
`backup` BackupStatus	The node that is taking backups of this PGDGroup
`restore` RestoreStatus	The status of the restore process
`PGD` PGDStatus	Last known status of PGD
`connMgr` ConnMgrStatus array	Last known status of Connection Manager
`CNP` CNPStatus	Last known status of CNP
`connectivity` ConnectivityStatus	Last known status of Connectivity
`pause` PauseStatus	Last known status of Pause
`image` ImageStatus	Last known status of used image
`plugins` PluginStatus	Plugin Last known status of the plugins
`managedRolesStatus` ManagedRoles	ManagedRolesStatus reports the state of the managed roles in the group

PGDNodeGroupEntry

PGDNodeGroupEntry shows information about the node groups available in the PGD configuration

Appears in:

PGDStatus

Field	Description	Required
`name` string	Name is the name of the node group	True
`uuid` string	UUID is the UUID of the group
`enableRouting` boolean	EnableRouting is true is the node group allows routing
`enableRaft` boolean	EnableRaft is true if the node group has a subgroup raft instance
`routeWriterMaxLag` integer	RouteWriterMaxLag Maximum lag in bytes of the new write candidate to be selected as write leader, if no candidate passes this, there will be no writer selected automatically
`routeReaderMaxLag` integer	RouteReaderMaxLag Maximum lag in bytes for node to be considered viable read-only node
`routeWriterWaitFlush` boolean	RouteWriterWaitFlush Whether to wait for replication queue flush before switching to new leader when using `bdr.routing_leadership_transfer()`
`connMgrReadWriteMaxClientConn` integer	ConnMgrReadWriteMaxClientConn maximum read-write client connections allowed,
`connMgrReadWriteMaxServerConn` integer	ConnMgrReadWriteMaxServerConn maximum read-write connections that will be opened to server
`connMgrReadOnlyMaxClientConn` integer	ConnMgrReadOnlyMaxClientConn maximum read-only client connections allowed
`connMgrReadOnlyMaxServerConn` integer	ConnMgrReadOnlyMaxServerConn maximum read-only connections that will be opened to server
`connMgrReadWriteConsensusTimeout` integer	ConnMgrReadWriteConsensusTimeout how long to wait on loss of consensus before read-write connections are no longer accepted
`connMgrReadOnlyConsensusTimeout` integer	ConnMgrReadOnlyConsensusTimeout how long to wait on loss of consensus before read-only connections are no longer accepted
`connMgrUseHTTPS` boolean	ConnMgrUseHTTPS indicates whether to use HTTPS for connection manager communication

PGDNodeGroupSettings

PGDNodeGroupSettings contains the settings of the PGD Group

Appears in:

PgdConfiguration

Field	Description	Default	Validation
`routeWriterMaxLag` integer	RouteWriterMaxLag Maximum lag in bytes of the new write candidate to be selected as write leader, if no candidate passes this, there will be no writer selected automatically Defaults to -1	-1
`routeReaderMaxLag` integer	RouteReaderMaxLag Maximum lag in bytes for node to be considered viable read-only node Defaults to -1	-1
`routeWriterWaitFlush` boolean	RouteWriterWaitFlush Whether to wait for replication queue flush before switching to new leader when using `bdr.routing_leadership_transfer()` Defaults to false	false
`connMgrReadWriteMaxClientConn` integer	ConnMgrReadWriteMaxClientConn maximum read-write client connections allowed, Defaults to -1 to use PGD default	-1
`connMgrReadWriteMaxServerConn` integer	ConnMgrReadWriteMaxServerConn maximum read-write connections that will be opened to server Defaults to -1 to use PGD default	-1
`connMgrReadOnlyMaxClientConn` integer	ConnMgrReadOnlyMaxClientConn maximum read-only client connections allowed Defaults to -1 to use PGD default	-1
`connMgrReadOnlyMaxServerConn` integer	ConnMgrReadOnlyMaxServerConn maximum read-only connections that will be opened to server Defaults to -1 to use PGD default	-1
`connMgrReadWriteConsensusTimeout` integer	ConnMgrReadWriteConsensusTimeout the duration in seconds for how long to wait on loss of consensus before read-write connections are no longer accepted in seconds, must be between 0 and 86400. Defaults to 0	0	Maximum: 86400 Minimum: 0
`connMgrReadOnlyConsensusTimeout` integer	ConnMgrReadOnlyConsensusTimeout the duration in seconds for how long to wait on loss of consensus before read-only connections are no longer accepted in seconds, must be between 0 and 86400. Defaults to 0	0	Maximum: 86400 Minimum: 0

PGDProxyConfiguration

PGDProxyConfiguration defines the configuration of PGD Proxy Those settings are only applicable to PGD 5

Appears in:

PGDGroupSpec

Field	Description	Validation
`imageName` string	Name of the PGDProxy container image
`logLevel` string	The PGD Proxy log level, one of the following values: error, warning, info (default), debug, trace	Enum: [error warning info debug trace]
`logEncoder` string	The format of the log output	Enum: [text json]
`proxyAffinity` Affinity	ProxyAffinity/Anti-affinity rules for pods
`proxyNodeSelector` object (keys:string, values:string)	ProxyNodeSelector rules for pods
`proxyTolerations` Toleration array	ProxyTolerations rules for pods
`proxyResources` ResourceRequirements	Defines the resources assigned to the proxy. If not defined uses defaults requests and limits values.

PGDProxySettings

PGDProxySettings contains the settings of the proxy

Deprecated: This field is deprecated, will be removed in future versions.

Appears in:

PgdConfiguration

Field	Description	Required	Default	Validation
`fallbackGroups` string array	FallbackGroups is the list of groups the proxy should forward connection to when all the data nodes of this PGD group are not available Deprecated: This field is deprecated, will be removed in future versions.
`maxClientConn` integer	MaxClientConn maximum number of connections the proxy will accept. Deprecated: This field is deprecated, will be removed in future versions.
`maxServerConn` integer	MaxServerConn maximum number of connections the proxy will make to the Postgres node. Deprecated: This field is deprecated, will be removed in future versions.
`serverConnTimeout` integer	ServerConnTimeout connection timeout for server connections in seconds. Deprecated: This field is deprecated, will be removed in future versions.
`serverConnKeepalive` integer	ServerConnKeepalive keepalive interval for server connections in seconds. Deprecated: This field is deprecated, will be removed in future versions.
`fallbackGroupTimeout` integer	FallbackGroupTimeout the interval after which the routing falls back to one of the fallback_groups. Deprecated: This field is deprecated, will be removed in future versions.
`consensusGracePeriod` integer	ConsensusGracePeriod the duration in seconds for which proxy continues to route even upon loss of a Raft leader. If set to 0s, proxy stops routing immediately. Deprecated: This field is deprecated, will be removed in future versions.
`enableReadNodeRouting` boolean	EnableReadNodeRouting is the switch to control whether the proxy will route queries to read nodes through read_listen_port or not. By default it is false Deprecated: This field is deprecated, will be removed in future versions.

PGDRaftStatus

Underlying type: string

PGDRaftStatus indicates a known status of the PGDRaft

Appears in:

PGDStatus

Field	Description
`OK`	PGDRaftConsensusStatusOk indicates that the raft consensus is working correctly
`CRITICAL`	PGDRaftConsensusStatusCritical indicates that the raft consensus is not ready
`UNKNOWN`	PGDRaftConsensusStatusUnknown indicates that the raft consensus status is unknown
`WARNING`	PGDRaftConsensusStatusWarning is a warning that an election may be in progress

PGDRoutingStatus

Underlying type: string

PGDRoutingStatus represents the status of the connection managers routing

Appears in:

PGDStatus

Field	Description
`global`	RoutingToGlobalWriteLead indicates that the connection managers on group's nodes will route traffic to the global group write leader
`current`	RoutingToCurrentWriteLead indicates that the connection managers on group's nodes will route traffic to the current group write leader
`notDetected`	RoutingNotDetected indicates that the operator could not detect where the connection managers on group's nodes are routing traffic to

PGDStatus

PGDStatus any relevant status for the operator about PGD

Appears in:

PGDGroupStatus

Field	Description	Required	Default	Validation
`raftConsensusLastChangedStatus` PGDRaftStatus	RaftConsensusLastChangedStatus indicates the latest reported status from bdr.monitor_group_raft
`raftConsensusLastChangedMessage` string	RaftConsensusLastChangedMessage indicates the latest reported message from bdr.monitor_group_raft
`raftConsensusLastChangedTimestamp` string	RaftConsensusLastChangedTimestamp indicates when the status and message were first reported
`nodeGroup` PGDNodeGroupEntry	NodeGroup is the status of the node group associated with the PGDGroup
`globalNodeGroup` PGDNodeGroupEntry	GlobalNodeGroup is the status of the global node group
`globalWriteLeadLastDetected` string	GlobalWriteLeadLastDetected indicates global writelead detected in latest reconcile loop only available if subgroup routing is disabled
`writeLeadLastDetected` string	WriteLeadLastDetected indicates subgroup writelead detected in latest reconcile loop
`routingStatus` PGDRoutingStatus	RoutingStatus indicates where the connection managers on group's nodes will route traffic to
`extensionVersion` string	ExtensionVersion is the pgd extension version detected on the raft lead node

ParentGroupConfiguration

ParentGroupConfiguration contains the topology configuration of PGD

Appears in:

PgdConfiguration

Field	Description	Required	Default	Validation
`name` string	Name of the parent group	True		MinLength: 1
`create` boolean	Create is true when the operator should create the parent group if it doesn't exist		false

PauseStatus

PauseStatus contains the information of group hibernating

Appears in:

PGDGroupStatus

Field	Description	Required	Default	Validation
`active` boolean	Active indicates the PGDGroup is either: - in process of pausing - already paused - in process of resuming
`instances` integer	Instances is the number of paused PGD instances
`lastStartedTime` Time	LastStartedTime is the last time the PGDGroup started pausing
`lastCompletedTime` Time	LastCompletedTime is last time the PGDGroup completed pausing
`lastResumeStartedTime` Time	LastResumeStartedTime is the last time the PGDGroup started resuming
`lastResumeCompletedTime` Time	LastCompletedTime is last time the PGDGroup completed resuming

PgdConfiguration

PgdConfiguration is the configuration of the PGD group structure

Appears in:

PGDGroupSpec

Field	Description	Required	Default	Validation
`parentGroup` ParentGroupConfiguration	ParentGroup configures the topology of the PGD group	True
`groupJoinMethod` JoinMethod	GroupJoinMethod defines the method in case of cross region join, this option is mandatory for the non-initial data group ( groups with spec.pgd.parentGroup.create=false). For initial group or witness group, it will be enforced to logical.			Enum: [logical physical]
`discovery` ConnectionString array	The parameters we will use to connect to a node belonging to the parent PGD group. Even if provided, the following parameters will be overridden with default values: `application_name`, `sslmode`, `dbname` and `user`. The following parameters should not be provided nor used, as they are not even overridden with defaults:`sslkey`, `sslcert`, `sslrootcert`
`discoveryJob` DiscoveryJobConfig	DiscoveryJob the configuration of the PGD Discovery job		{ delay:10 retries:30 timeout:300 }
`databaseName` string	Name of the database used by the application. Default: `app`.		app
`ownerName` string	Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key.
`ownerCredentialsSecret` LocalObjectReference	Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch
`proxySettings` PGDProxySettings	ProxySettings Configuration for the proxy Deprecated: This field is deprecated, will be removed in future versions. Starting from PGD 6, the embedded connection manager replaces the external proxy.
`nodeGroupSettings` PGDNodeGroupSettings	Configuration for the PGD Group
`globalRouting` boolean	GlobalRouting is true when global routing is enabled, and in this case the connection managers on group's nodes will route traffic to the global group write leader instead of the local group write leader		false
`mutations` SQLMutations	List of SQL mutations to apply to the node group

PhaseType

Underlying type: string

PhaseType describes the type of the OperatorPhase

Appears in:

PGDGroupStatus

Field	Description
`action`	PhaseTypeAction triggers a reconciliation for a pkg
`wait`	PhaseTypeWait the phase is waiting for an external resource to complete an action
`fail`	PhaseTypeFail the operator is failing, most likely requires a manual intervention

PluginConfigurationSpec

PluginConfigurationSpec defines the desired state of client configuration.

Appears in:

KlioPluginConfigTemplate

Field	Description	Required	Default	Validation
`serverAddress` string	ServerAddress is the address of the Klio server in the format host:port or host	True		MinLength: 1
`tier1` Tier1PluginConfiguration	Tier1 is the Tier 1 configuration
`tier2` Tier2PluginConfiguration	Tier2 is the Tier 2 configuration
`serverSecretName` string	ServerSecretName is the name of the secret containing the server TLS certificate	True		MinLength: 1
`pprof` boolean	Pprof enables the pprof endpoint for performance profiling
`mode` ServerMode	Mode selects the operation mode of the server.	True	standard	Enum: [standard read-only]
`clusterName` string	ClusterName is the name of the PostgreSQL cluster we are connecting to. This field is optional in templates as the operator will set it automatically.
`containers` Container array	Containers allows defining a list of containers that will be merged with the Klio sidecar containers. This enables users to customize the sidecars with additional environment variables, volume mounts, resource limits, and other container settings without polluting the PostgreSQL container environment. Merge behavior: - Containers are matched by name (klio-plugin, klio-wal, klio-restore) - User customizations serve as the base - Klio required values (name, args, CONTAINER_NAME env var) always override user values - User-defined environment variables and volume mounts are preserved - Template defaults are applied only for fields not set by the user or Klio			MaxItems: 3

PluginStatus

PluginStatus contains the status of the plugins and managed plugins

Appears in:

PGDGroupStatus

Field	Description	Required	Default	Validation
`barmanCloud` BarmanCloudPluginStatus	BarmanCloud stored the barman cloud plugin status
`klio` KlioPluginStatus	Klio stored the klio plugin status

PreProvisionedCertificate

PreProvisionedCertificate contains the data needed to supply a pre-generated certificate

Appears in:

ClientPreProvisionedCertificates

Field	Description	Required	Default	Validation
`secretRef` string	SecretRef a name pointing to a secret that contains a tls.crt and tls.key

RecoverabilityPointsByMethod

Underlying type: Time

RecoverabilityPointsByMethod contains the first recoverability points for a given backup method

Appears in:

CNPStatus

ReplicationCertificateStatus

ReplicationCertificateStatus encapsulate the certificate status

Appears in:

Field	Description	Required	Default	Validation
`name` string	Name is the name of the certificate
`hash` string	Hash is the hash of the configuration for which it has been generated
`isReady` boolean	Ready is true when the certificate is ready
`preProvisioned` boolean	PreProvisioned is true if the certificate is preProvisioned

Restore

Restore configures the restore of a PGD group from an object store

Appears in:

PGDGroupSpec

Field	Description	Required	Default	Validation
`volumeSnapshots` VolumeSnapshotsConfiguration	The configuration for volumeSnapshot restore
`barmanObjectStore` BarmanObjectStoreConfiguration	The configuration for the barman-cloud tool suite
`plugin` PluginConfiguration	Plugin contains the configuration for plugin used to restore
`recoveryTarget` RecoveryTarget	By default, the recovery process applies all the available WAL files in the archive (full recovery). However, you can also end the recovery as soon as a consistent state is reached or recover to a point-in-time (PITR) by specifying a `RecoveryTarget` object, as expected by PostgreSQL (i.e., timestamp, transaction Id, LSN, ...). More info: https://www.postgresql.org/docs/current/runtime-config-wal.html#RUNTIME-CONFIG-WAL-RECOVERY-TARGET
`serverNames` string array	The list of server names to be used as a recovery origin. One of these servers will be elected as the seeding one when evaluating the recovery target, this option is only used when restore from barmanObjectStore.

RestoreStatus

RestoreStatus contains the current status of the restore process

Appears in:

PGDGroupStatus

Field	Description	Required	Default	Validation
`serverName` string	The name of the server to be restored
`VolumeSnapshots` VolumeSnapshotRestoreStatus array	selected volumeSnapshots to restore

RootDNSConfiguration

RootDNSConfiguration describes how the FQDN for the resources should be generated

Appears in:

ConnectivityConfiguration

Field	Description	Required	Default	Validation
`domain` string	Contains the domain name of by all services in the PGDGroup. It is responsibility of the user to ensure that the value specified here matches with the rendered nodeServiceTemplate and groupServiceTemplate
`hostSuffix` string	Contains an optional suffix to add to all the service names in the PGDGroup. The meaning of this setting it to allow the user to easily mark all the services created in a location for routing purpose (i.e., add a generic rule to CoreDNS to rewrite some service suffixes as local)
`additional` DNSConfiguration array	AdditionalDNSConfigurations adds more possible FQDNs for the resources

SQLMutation

SQLMutation is a series of SQL statements to apply atomically

Appears in:

SQLMutations

Field	Description	Required	Default	Validation
`isApplied` string array	List of boolean-returning SQL queries. If any of them returns false the mutation will be applied	True		MinItems: 1
`exec` string array	List of SQL queries to be executed to apply this mutation	True		MinItems: 1
`type` SQLMutationType	Type determines when the SQLMutation occurs. 'always': reconcile the mutation at each reconciliation cycle 'beforeSubgroupRaft': are executed only before the subgroupRaft is enabled If not specified, the Type defaults to 'always'.		always	Enum: [always beforeSubgroupRaft writeLeader]

SQLMutationType

Underlying type: string

SQLMutationType a supported type of SQL Mutation

Appears in:

SQLMutation

Field	Description
`always`	SQLMutationTypeAlways tries to reconcile the mutation at each reconciliation cycle
`beforeSubgroupRaft`	SQLMutationTypeBeforeSubgroupRaft are executed only before the subgroupRaft is enabled
`writeLeader`	SQLMutationTypeWriteLeader are executed only after raft Consensus and execute on write leader

SQLMutations

Underlying type: SQLMutation

SQLMutations A list of SQLMutation

Appears in:

PgdConfiguration

Field	Description	Required	Default	Validation
`isApplied` string array	List of boolean-returning SQL queries. If any of them returns false the mutation will be applied	True		MinItems: 1
`exec` string array	List of SQL queries to be executed to apply this mutation	True		MinItems: 1
`type` SQLMutationType	Type determines when the SQLMutation occurs. 'always': reconcile the mutation at each reconciliation cycle 'beforeSubgroupRaft': are executed only before the subgroupRaft is enabled If not specified, the Type defaults to 'always'.		always	Enum: [always beforeSubgroupRaft writeLeader]

ScheduledBackupSpec

ScheduledBackupSpec defines the desired state of ScheduledBackup

Appears in:

Backup

Field	Description	Required	Default	Validation
`suspend` boolean	If this backup is suspended or not
`immediate` boolean	If the first backup has to be immediately start after creation or not
`schedule` string	The schedule does not follow the same format used in Kubernetes CronJobs as it includes an additional second specifier, see https://pkg.go.dev/github.com/robfig/cron#hdr-CRON_Expression_Format	True
`backupOwnerReference` string	Indicates which ownerReference should be put inside the created backup resources. - none: no owner reference for created backup objects (same behavior as before the field was introduced) - self: sets the Scheduled backup object as owner of the backup - cluster: set the cluster as owner of the backup		none	Enum: [none self cluster]
`target` BackupTarget	The policy to decide which instance should perform this backup. If empty, it defaults to `cluster.spec.backup.target`. Available options are empty string, `primary` and `prefer-standby`. `primary` to have backups run always on primary instances, `prefer-standby` to have backups run preferably on the most updated standby, if available. For PGD groups, this field is ignored and the backup will always run on the primary instance as there is no standby in the node cluster.			Enum: [primary prefer-standby]
`method` BackupMethod	The backup method to be used, possible options are `barmanObjectStore`, `volumeSnapshot` and `plugin`. Defaults to: `barmanObjectStore`.		barmanObjectStore	Enum: [barmanObjectStore volumeSnapshot plugin]
`pluginConfiguration` BackupPluginConfiguration	Configuration parameters passed to the plugin managing this backup
`online` boolean	Whether the default type of backup with volume snapshots is online/hot (`true`, default) or offline/cold (`false`) Overrides the default setting specified in the cluster field '.spec.backup.volumeSnapshot.online'
`onlineConfiguration` OnlineConfiguration	Configuration parameters to control the online/hot backup with volume snapshots Overrides the default settings specified in the cluster '.backup.volumeSnapshot.onlineConfiguration' stanza

ScheduledBackupStatus

ScheduledBackupStatus contains the status of the scheduled backup

Appears in:

BackupStatus

Field	Description	Required	Default	Validation
`method` BackupMethod	Method is the backup method used to take the backup
`name` string	Name is the name of the scheduled backup
`hash` string	Hash is the hash of the scheduled backup configuration

ServerCertConfiguration

ServerCertConfiguration contains the information to generate the certificates for the nodes

Appears in:

TLSConfiguration

Field	Description	Required	Default	Validation
`caCertSecret` string	CACertSecret is the secret of the CA to be injected into the CloudNativePG ServerCASecret configuration	True
`certManager` CertManagerTemplate	The cert-manager template used to generate the certificates	True

ServiceTemplate

ServiceTemplate is a structure that allows the user to set a template for the Service generation.

Appears in:

ConnectivityConfiguration

Field	Description	Required	Default	Validation
`metadata` Metadata	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` ServiceSpec	Specification of the desired behavior of the service. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status	True
`updateStrategy` ServiceUpdateStrategy	UpdateStrategy indicates how to update the services generated by this template.		patch	Enum: [patch replace]

ServiceUpdateStrategy

Underlying type: string

ServiceUpdateStrategy defines the type for updating LoadBalancers. Allowed values are "patch" and "replace".

Appears in:

ServiceTemplate

Field	Description
`patch`	ServiceUpdateStrategyPatch indicates to update existing services with a PATCH request
`replace`	ServiceUpdateStrategyReplace indicates to update existing LoadBalancer services by recreating the service ServiceUpdateStrategyReplace should be used for LoadBalancer services created in AWS.

TLSConfiguration

TLSConfiguration is the configuration of the TLS infrastructure used by PGD to connect to the nodes

Appears in:

ConnectivityConfiguration

Field	Description	Required	Default	Validation
`mode` TLSMode		True	verify-ca	Enum: [verify-ca verify-full require]
`serverCert` ServerCertConfiguration	The configuration for the server certificates	True
`clientCert` ClientCertConfiguration	The configuration for the client certificates	True

TLSMode

Underlying type: string

TLSMode describes which mode should be used for the node to node communications

Appears in:

TLSConfiguration

Field	Description
`verify-full`	VerifyFull verifies that the certificate is signed by the passed CA and the server host name matches the certificate
`verify-ca`	VerifyCA verifies that the certificate is signed by the passed CA
`require`	Require requires TLS but do not perform any certificate validation

VolumeSnapshotRestoreStatus

VolumeSnapshotRestoreStatus the volumeSnapshot to restore

Appears in:

RestoreStatus

Field	Description	Required	Default	Validation
`snapshotName` string	SnapshotName is the snapshot name to restore
`pvcRole` string	PVCRole is the pvcRole snapshot to restore
`tablespaceName` string	TablespaceName is the tablespace name the snapshot belongs to, if the pvcRole is `PG_TABLESPACE`

VolumeSnapshotsConfiguration

VolumeSnapshotsConfiguration contains the configuration for the volumeSnapshots restore

Appears in:

Restore

Field	Description	Required	Default	Validation
`selector` LabelSelector	Label selector used to select the volumeSnapshot to restore	True

CertificateKeystores

CertificateKeystores configures additional keystore output formats to be created in the Certificate's output Secret.

Appears in:

CertificateSpec

Field	Description	Required	Default	Validation
`jks` JKSKeystore	JKS configures options for storing a JKS keystore in the `spec.secretName` Secret resource.
`pkcs12` PKCS12Keystore	PKCS12 configures options for storing a PKCS12 keystore in the `spec.secretName` Secret resource.

CertificateList

CertificateList is a list of Certificates

Field	Description	Required
`apiVersion` string	`cert-manager.io/v1`	True
`kind` string	`CertificateList`	True
`metadata` ListMeta	Refer to Kubernetes API documentation for fields of `metadata`.	True

CertificatePrivateKey

CertificatePrivateKey contains configuration options for private keys used by the Certificate controller. This allows control of how private keys are rotated.

Appears in:

CertificateSpec

Field	Description	Validation
`rotationPolicy` PrivateKeyRotationPolicy	RotationPolicy controls how private keys should be regenerated when a re-issuance is being processed. If set to Never, a private key will only be generated if one does not already exist in the target `spec.secretName`. If one does exists but it does not have the correct algorithm or size, a warning will be raised to await user intervention. If set to Always, a private key matching the specified requirements will be generated whenever a re-issuance occurs. Default is 'Never' for backward compatibility.
`encoding` PrivateKeyEncoding	The private key cryptography standards (PKCS) encoding for this certificate's private key to be encoded in. If provided, allowed values are `PKCS1` and `PKCS8` standing for PKCS#1 and PKCS#8, respectively. Defaults to `PKCS1` if not specified.	Enum: [PKCS1 PKCS8]
`algorithm` PrivateKeyAlgorithm	Algorithm is the private key algorithm of the corresponding private key for this certificate. If provided, allowed values are either `RSA`,`Ed25519` or `ECDSA` If `algorithm` is specified and `size` is not provided, key size of 256 will be used for `ECDSA` key algorithm and key size of 2048 will be used for `RSA` key algorithm. key size is ignored when using the `Ed25519` key algorithm.	Enum: [RSA ECDSA Ed25519]
`size` integer	Size is the key bit size of the corresponding private key for this certificate. If `algorithm` is set to `RSA`, valid values are `2048`, `4096` or `8192`, and will default to `2048` if not specified. If `algorithm` is set to `ECDSA`, valid values are `256`, `384` or `521`, and will default to `256` if not specified. If `algorithm` is set to `Ed25519`, Size is ignored. No other values are allowed.

CertificateSpec

CertificateSpec defines the desired state of Certificate. A valid Certificate requires at least one of a CommonName, DNSName, or URISAN to be valid.

Appears in:

CertManagerTemplate

Field	Description	Required	Validation
`subject` X509Subject	Full X509 name specification (https://golang.org/pkg/crypto/x509/pkix/#Name).
`commonName` string	CommonName is a common name to be used on the Certificate. The CommonName should have a length of 64 characters or fewer to avoid generating invalid CSRs. This value is ignored by TLS clients when any subject alt name is set. This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4
`duration` Duration	The requested 'duration' (i.e. lifetime) of the Certificate. This option may be ignored/overridden by some issuer types. If unset this defaults to 90 days. Certificate will be renewed either 2/3 through its duration or `renewBefore` period before its expiry, whichever is later. Minimum accepted duration is 1 hour. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration
`renewBefore` Duration	How long before the currently issued certificate's expiry cert-manager should renew the certificate. The default is 2/3 of the issued certificate's duration. Minimum accepted value is 5 minutes. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration
`dnsNames` string array	DNSNames is a list of DNS subjectAltNames to be set on the Certificate.
`ipAddresses` string array	IPAddresses is a list of IP address subjectAltNames to be set on the Certificate.
`uris` string array	URIs is a list of URI subjectAltNames to be set on the Certificate.
`emailAddresses` string array	EmailAddresses is a list of email subjectAltNames to be set on the Certificate.
`secretName` string	SecretName is the name of the secret resource that will be automatically created and managed by this Certificate resource. It will be populated with a private key and certificate, signed by the denoted issuer. IMPORTANT: this field was required in the original cert-manager API declaration	True
`keystores` CertificateKeystores	Keystores configures additional keystore output formats stored in the `secretName` Secret resource.
`issuerRef` ObjectReference	IssuerRef is a reference to the issuer for this certificate. If the `kind` field is not set, or set to `Issuer`, an Issuer resource with the given name in the same namespace as the Certificate will be used. If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer with the provided name will be used. The `name` field in this stanza is required at all times.	True
`isCA` boolean	IsCA will mark this Certificate as valid for certificate signing. This will automatically add the `cert sign` usage to the list of `usages`.
`usages` KeyUsage array	Usages is the set of x509 usages that are requested for the certificate. Defaults to `digital signature` and `key encipherment` if not specified.		Enum: [signing digital signature content commitment key encipherment key agreement data encipherment cert sign crl sign encipher only decipher only any server auth client auth code signing email protection s/mime ipsec end system ipsec tunnel ipsec user timestamping ocsp signing microsoft sgc netscape sgc]
`privateKey` CertificatePrivateKey	Options to control private keys used for the Certificate.
`encodeUsagesInRequest` boolean	EncodeUsagesInRequest controls whether key usages should be present in the CertificateRequest
`revisionHistoryLimit` integer	revisionHistoryLimit is the maximum number of CertificateRequest revisions that are maintained in the Certificate's history. Each revision represents a single `CertificateRequest` created by this Certificate, either when it was created, renewed, or Spec was changed. Revisions will be removed by oldest first if the number of revisions exceeds this number. If set, revisionHistoryLimit must be a value of `1` or greater. If unset (`nil`), revisions will not be garbage collected. Default value is `nil`.		ExclusiveMaximum: false

JKSKeystore

JKSKeystore configures options for storing a JKS keystore in the spec.secretName Secret resource.

Appears in:

CertificateKeystores

Field	Description	Required	Default	Validation
`create` boolean	Create enables JKS keystore creation for the Certificate. If true, a file named `keystore.jks` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will only be updated upon re-issuance. A file named `truststore.jks` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority	True
`passwordSecretRef` SecretKeySelector	PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the JKS keystore.	True

KeyUsage

Underlying type: string

KeyUsage specifies valid usage contexts for keys. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3

https://tools.ietf.org/html/rfc5280#section-4.2.1.12

Valid KeyUsage values are as follows: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher only", "any", "server auth", "client auth", "code signing", "email protection", "s/mime", "ipsec end system", "ipsec tunnel", "ipsec user", "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"

Validation:

Enum: [signing digital signature content commitment key encipherment key agreement data encipherment cert sign crl sign encipher only decipher only any server auth client auth code signing email protection s/mime ipsec end system ipsec tunnel ipsec user timestamping ocsp signing microsoft sgc netscape sgc]

Appears in:

CertificateSpec

Field	Description
`signing`	UsageSigning is a key usage flag
`digital signature`	UsageDigitalSignature is a key usage flag
`content commitment`	UsageContentCommitment is a key usage flag
`key encipherment`	UsageKeyEncipherment is a key usage flag
`key agreement`	UsageKeyAgreement is a key usage flag
`data encipherment`	UsageDataEncipherment is a key usage flag
`cert sign`	UsageCertSign is a key usage flag
`crl sign`	UsageCRLSign is a key usage flag
`encipher only`	UsageEncipherOnly is a key usage flag
`decipher only`	UsageDecipherOnly is a key usage flag
`any`	UsageAny is a key usage flag
`server auth`	UsageServerAuth is a key usage flag
`client auth`	UsageClientAuth is a key usage flag
`code signing`	UsageCodeSigning is a key usage flag
`email protection`	UsageEmailProtection is a key usage flag
`s/mime`	UsageSMIME is a key usage flag
`ipsec end system`	UsageIPsecEndSystem is a key usage flag
`ipsec tunnel`	UsageIPsecTunnel is a key usage flag
`ipsec user`	UsageIPsecUser is a key usage flag
`timestamping`	UsageTimestamping is a key usage flag
`ocsp signing`	UsageOCSPSigning is a key usage flag
`microsoft sgc`	UsageMicrosoftSGC is a key usage flag
`netscape sgc`	UsageNetscapeSGC is a key usage flag

LocalObjectReference

LocalObjectReference is a reference to an object in the same namespace as the referent. If the referent is a cluster-scoped resource (e.g. a ClusterIssuer), the reference instead refers to the resource with the given name in the configured 'cluster resource namespace', which is set as a flag on the controller component (and defaults to the namespace that cert-manager runs in).

Appears in:

SecretKeySelector

Field	Description	Required	Default	Validation
`name` string	Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names	True

ObjectReference

ObjectReference is a reference to an object with a given name, kind and group.

Appears in:

CertificateSpec

Field	Description	Required
`name` string	Name of the resource being referred to.	True
`kind` string	Kind of the resource being referred to.
`group` string	Group of the resource being referred to.

PKCS12Keystore

PKCS12Keystore configures options for storing a PKCS12 keystore in the spec.secretName Secret resource.

Appears in:

CertificateKeystores

Field	Description	Required	Default	Validation
`create` boolean	Create enables PKCS12 keystore creation for the Certificate. If true, a file named `keystore.p12` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will only be updated upon re-issuance. A file named `truststore.p12` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority	True
`passwordSecretRef` SecretKeySelector	PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the PKCS12 keystore.	True

PrivateKeyAlgorithm

Underlying type: string

PrivateKeyAlgorithm represent a private key algorithm

Validation:

Enum: [RSA ECDSA Ed25519]

Appears in:

CertificatePrivateKey

Field	Description
`RSA`	RSAKeyAlgorithm denotes the RSA private key type.
`ECDSA`	ECDSAKeyAlgorithm denotes the ECDSA private key type.
`Ed25519`	Ed25519KeyAlgorithm denotes the Ed25519 private key type.

PrivateKeyEncoding

Underlying type: string

PrivateKeyEncoding represent a private key encoding

Validation:

Enum: [PKCS1 PKCS8]

Appears in:

CertificatePrivateKey

Field	Description
`PKCS1`	PKCS1 key encoding will produce PEM files that include the type of private key as part of the PEM header, e.g. `BEGIN RSA PRIVATE KEY`. If the keyAlgorithm is set to 'ECDSA', this will produce private keys that use the `BEGIN EC PRIVATE KEY` header.
`PKCS8`	PKCS8 key encoding will produce PEM files with the `BEGIN PRIVATE KEY` header. It encodes the keyAlgorithm of the private key as part of the DER encoded PEM block.

PrivateKeyRotationPolicy

Underlying type: string

PrivateKeyRotationPolicy denotes how private keys should be generated or sourced when a Certificate is being issued.

Appears in:

CertificatePrivateKey

SecretKeySelector

SecretKeySelector is a reference to a specific 'key' within a Secret resource. In some instances, key is a required field.

Appears in:

Field	Description	Required	Default	Validation
`name` string	Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names	True
`key` string	The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.

X509Subject

X509Subject Full X509 name specification

Appears in:

CertificateSpec

Field	Description	Required	Default	Validation
`organizations` string array	Organizations to be used on the Certificate.
`countries` string array	Countries to be used on the Certificate.
`organizationalUnits` string array	Organizational Units to be used on the Certificate.
`localities` string array	Cities to be used on the Certificate.
`provinces` string array	State/Provinces to be used on the Certificate.
`streetAddresses` string array	Street addresses to be used on the Certificate.
`postalCodes` string array	Postal codes to be used on the Certificate.
`serialNumber` string	Serial number to be used on the Certificate.

On this page
Packages

← Prev

Upgrade from PGD5 to PGD6

↑ Up

EDB Postgres® AI for CloudNativePG™ Global Cluster

Supported versions